Technical Breakthroughs & Analyses for a Leading Bank with IBM Tealeaf

April 5, 2018

Customers today interact with devices, channels, platforms, and other lines of business. There is much money to be made from understanding and fixing setbacks in the customer experience, but often we don’t know why, when, or where customers struggle.

Smart organizations embrace this new reality and find ways to harness customer intelligence through a single point of reference, so they waste no time and do not risk being led off track by disparate, incomplete data from various sources.

Below is a walkthrough of how Royal Cyber helped a leading bank resolve traffic inconsistency and missing sessions in IBM Tealeaf.

Issue Description

A customer reported issues with the bank’s online services, and the bank was unable to find those user sessions in IBM Tealeaf.

Issue Summary

The challenge was to find the cause. Because the sessions of the bank’s end customers were missing, we had to look at all probable causes: dropped network packets, SSL certificate issues, and the internal traffic-forwarding configuration. The capture server never drops traffic unless rules to do so are already defined in the PCA, and when we checked, no such rules were defined. We also checked the SSL certificates and their validity and found that some certificates had expired and had not been updated; updating them fixed some of the issues related to traffic inconsistency. None of the PCA flags on the Summary tab showed any other concerns.

The next step was to compare the traffic statistics of the F5 network switch, which did not give an accurate picture because it was forwarding a lot of traffic that the PCA was discarding in line with the customer’s license and business requirements. Whenever we or someone on the bank’s internal network created a session, that session always appeared. We also compared tcpdump captures from the PCA with the Tealeaf traffic reports, which did not point to a probable root cause, so we decided to create sessions with different browsers and browser versions. This worked: we could consistently see that sessions from the latest version of Firefox were missing. We then captured a tcpdump specific to that IP and analyzed it, which showed the presence of Diffie-Hellman ciphers.

Issue Impact

Diffie-Hellman (DH) ciphers are not meant to be deciphered by a third party, so when the capture server detects DH ciphers it simply drops those packets: Tealeaf cannot decipher that traffic, and no further processing can be done. DH is often used by modern browsers, so web servers are forced to offer it as the preferred cipher or one of the preferred ciphers.

Issue Resolution

To resolve the issue in IBM Tealeaf, we first lowered the priority of DH ciphers in the list of ciphers used by the web server for internal traffic only, and monitored for any security impact or other site issues. After successful validation, we applied the same strategy to all traffic. This allowed the bank to see all of its traffic, find the issues reported by customers, and fix them with a much shorter turnaround time.

Royal Cyber has numerous IBM Tealeaf customer success stories. Email us at info@royalcyber.com or visit www.royalcyber.com for more information on how we applied technology and how we can provide an IBM Tealeaf solution for your organization.